Configure user permissions

Mikhail Serov

ADCM role model is designed for configuring user permissions via policies. As a result of a policy being applied the user has access only to the actions and ADCM objects that are included in that policy.

The ADCM offers a few ready-made user roles (sets of rules). You also can create your own roles to get the most suitable roles for your tasks.

Below are examples of configuring user permissions with the help of created policies.

Configure cluster administrator permissions

Let there exist two ADCM clusters named ADH and ADH Prod, and an ADCM user named user, who belongs to the group 1 group and is not an administrator of any cluster. To create a policy that allows user to obtain cluster administrator permissions for the ADH cluster, do the following:

  1. Enter the policy name — user ADH.

  2. Select the Cluster Administrator role and the group 1 group.

    The first step of creating a policy for the user
    The first step of creating a policy for the user

  3. Select the ADH cluster.

    The second step of creating a policy for the user
    The second step of creating a policy for the user

  4. Apply the policy by clicking Create.

After the policy is applied, user is able to see only the ADH cluster on the Clusters page. The user also has the cluster administrator permissions for the ADH cluster.

The Clusters page as seen by the user
The Clusters page as seen by the user

Let there exist an ADCM user named another_user, who belongs to the group 2 group and is not an administrator of any cluster. Make that user the ADH Prod cluster administrator via the actions similar to the actions above.

After the policy is applied, another_user is able to see only the ADH Prod cluster on the Clusters page. another_user also has the cluster administrator permissions for the ADH Prod cluster.

The Clusters page as seen by another_user
The Clusters page as seen by another_user

The ADCM administrator is able to view all clusters in the system.

The Clusters page as seen by the ADCM administrator
The Clusters page as seen by the ADCM administrator

Configure service administrator permissions

Let there exist an ADCM cluster named ADH Prod that has the HDFS service among others. Also let there exist an ADCM user named user, who belongs to the group 1 group and is not an administrator of any service. To create a policy that allows user to obtain service administrator permissions for the HDFS service in the ADH Prod cluster, do the following:

  1. Enter the policy name — user ADH Prod HDFS.

  2. Select the Service Administrator role and the group 1 group.

    The first step of creating a policy for the user
    The first step of creating a policy for the user

  3. Select the HDFS service in the ADH Prod cluster.

    The second step of creating a policy for the user
    The second step of creating a policy for the user

  4. Apply the policy by clicking Create.

After the policy is applied, user is able to see only the HDFS service on the Services tab of the ADH Prod cluster page. user also has the service administrator permissions for the HDFS service.

The Services tab as seen by user
The Services tab as seen by user

The ADCM administrator is able to view all services of the ADH Prod cluster.

The Services tab as seen by the ADCM administrator
The Services tab as seen by the ADCM administrator

Configure read-only permissions

The ADCM User role allows the user to view ADCM objects along with their configurations and components, yet does not allow the user to make any edits. This mode is, in fact, a read-only mode. The ADCM User role is available when creating policies likewise in the same way as above.

Found a mistake? Seleсt text and press Ctrl+Enter to report it